Arch Linux locks down AUR signups amid wave of malicious commits

A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account ...
ZDNet

Linux Foundation's trust scorecards aim to battle rising open-source security threats

Open-source code has become a malware vector. For example, by the closest of shaves, an open-source developer discovered that Jia Tan, a chief programmer and maintainer of the Linux xz data ...
SecurityWeek

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

At least 1,500 malicious packages were published to the Arch User Repository (AUR) as part of the Atomic Arch supply chain ...
GamingOnLinuxOpinion

The security situation with the Arch Linux AUR got a lot worse

Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious ...
The Next Web

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Research Snipers

Major attack on Arch Linux: massive malware injection into the AUR

Arch Linux continues to struggle with a large-scale malware wave in its user repository AUR (Arch User Repository). This is currently literally flooded with malware. The attack continues and becomes ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...